CVE-2017-2900

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description The issue is caused by an integer overflow in the PNG loading functionality. This can be exploited by using a specially crafted '.png' file, which can cause a buffer overflow and allow for code execution under the context of the application. An attacker can trigger this issue by convincing a user to use the malicious file as an asset via the sequencer.

Recommendations For version 2.78c, consider avoiding the use of untrusted PNG files in the sequencer until a patch is available. As a temporary workaround, restrict the loading of PNG files to only trusted sources to minimize the risk of exploitation.